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BEGIN 
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USER SETS UP VIRTUAL SMART CARD ON OPAL SERVER 
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USER LOADS VALUE ONTO VIRTUAL SMART CARD 
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USER ACCESSES MERCHANT SERVER WEB SITE 
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USER SELECTS GOODS AND/OR SERVICES FOR PURCHASE 
FROM MERCHANT WEB SITE 
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USER RECEIVES TOTAL SALE AND SELECTS 
"PURCHASE WITH VIRTUAL CARD" 
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INTERNET PAYMENT ARCHITECTURE AND SYSTEM 
PROCESSES ORDER 
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VIRTUAL SMART CARD DEBITED AND USER RECEIVES 
"DEBITED" MESSAGE FROM CLIENT MODULE 
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USER RECEIVES CONFIRMATION OF SALE FROM MERCHANT 
SERVER AND RECEIVES DOWNLOADED INFORMATION OR 
RECEIPT FOR GOODS AND/OR SERVICES TO BE RENDERED 
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MERCHANT RECEIVES PAYMENT TO BANK ACCOUNT BY 
WAY OF INFORMATION FROM PAYMENT SERVER 
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END 
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FIG. 11A <C 



- — BEGIN — - 

PROCESS USER PURCHASE BY SYSTEM 
— (see FIGURE 5) — - 




USER SELECTS GOODS AND/OR SERVICES FROM MERCHANT SITE AND 
REQUESTS PURCHASE WITH VIRTUAL SMART CARD 



MERCHANT SERVER RECEIVES REQUESTS FOR 
VIRTUAL CARD TRANSACTION 



MERCHANT SERVER SENDS PAGE OF INFORMATION TO CLIENT TERMINAL 
INCLUDING: TOTAL COST, CURRENCY, IP ADDRESS OF PAYMENT SERVER, 
TRANSACTION IDENTIFIER, MERCHANT IDENTIFIER. USER PROMPTED FOR 

IDENTIFIER AND PASSWORD. 



OPAL SERVER INTERACTS WITH VIRTUAL SMART CARD AND BUILDS 
DRAW REQUEST MESSAGE 



OPAL SERVER ACCESSES PAYMENT SERVER USING IP ADDRESS 



OPAL SERVER SENDS DRAW REQUEST MESSAGE PLUS ADDITIONAL 
INFORMATION RECEIVED FROM MERCHANT SERVER TO PAYMENT SERVER 
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612 



PAYMENT SERVER PROCESSES DRAW REQUEST IN 
CONJUNCTION WITH SECURITY CARD 
(see Figure 1 1 D) 
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PAYMENT SERVER SENDS DEBIT COMMAND WITH SECURITY CARD SIGNATURE 
TO OPAL SERVER IN ORDER FOR VIRTUAL CARD TO DEBIT ITSELF 
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FIG. 11B 




CARD EMULATOR PROCESSES DEBIT, 
UPDATES DATABASE AND GENERATES CARD SIGNATURE 



618 



EMULATOR SENDS RESPONSE AND CARD SIGNATURE TO CLIENT MODULE 



OPAL SERVER SENDS RESPONSE MESSAGE AND 
CARD SIGNATURE TO PAYMENT SERVER 



622 



PAYMENT SERVER DIRECTS RECEIVED RESPONSE TO 
SECURITY CARD IN TERMINAL 
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SECURITY CARD PROCESSES RESPONSE AND VERIFIES CARD SIGNATURE 



SECURITY CARD SENDS DEBIT RESULT MESSAGE TO PAYMENT SERVER 



TERMINAL UPDATES ITS DATA STORE WITH CARD NUMBER, TRANSACTION 
COUNT, TOTAL SALE, RESPONSE FROM CARD, TRANSACTION NUMBERS FROM 
VIRTUAL CARD AND SECURITY CARD, ETC. 



PAYMENT SERVER UPDATES ITS DATABASE WITH LOG OF TRANSACTIONS TO 
DATE, MERCHANT IDENTIFIER, ETC. 
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PAYMENT SERVER SENDS RESULT MESSAGE TO 
OPAL SERVER IN ENCRYPTED FORM 
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CLIENT TERMINAL PASSES RESULT MESSAGE TO 
MERCHANT SERVER 
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MERCHANT SERVER REGISTERS RESULT MESSAGE 
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MERCHANT SERVER DELIVERS INFORMATION TO CLIENT 
TERMINAL AND/OR PROVIDES RECEIPT FOR GOODS 
AND/OR SERVICES TO BE RENDERED 
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END 
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FIG. 11D <^J3EGIN STEP 614~^> 



DRAW REQUEST EDITED SYNTACTICALLY AND LOGGED 



680 



682 



DRAW REQUEST PASSED TO TERMINAL INTERFACE MODULE 



TERMINAL INTERFACE BUILDS TERMINAL SPECIFIC MESSAGE 
BASED UPON DRAW REQUEST AND TYPE OF TERMINAL 
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686 



DRAW REQUEST SENT TO TERMINAL VIA TERMINAL 
CONCENTRATOR 



TERMINAL PARSES DRAW REQUEST INTO COMPONENTS AND 
PROCESSES EACH COMPONENT IN TURN 



688 



TERMINAL REACHES DRAW AMOUNT STATE 



690 



SECURITY CARD IN TERMINAL GENERATES SECURITY CARD 
SIGNATURE AND DEBIT COMMAND 
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TERMINAL SENDS SECURITY CARD SIGNATURE AND 
DEBIT COMMAND TO PAYMENT SERVER 
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END STEP 614 
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BEGIN ALTERNATIVE 
COMPARISON OF VIRTUAL CARD SIGNATURE TO 
ALLOW SECURITY CARD TO RELEASE EARLIER 
(see FIGURE 6) 



PERFORM STEPS 602-612 AND STEPS 680-690 



702 



SECURITY CARD IN TERMINAL GENERATES SECURITY CARD 
SIGNATURE DEBIT COMMAND AND EXPECTED 
VIRTUAL CARD SIGNATURE 



704 



706 



TERMINAL SENDS SECURITY CARD SIGNATURE, DEBIT COMMAND 
AND EXPECTED VIRTUAL CARD SIGNATURE TO PAYMENT SERVER 



PERFORM STEPS 616-622 



708 



PAYMENT SERVER CODE MODULE PROCESSES RESPONSE, 
VERIFIES CARD SIGNATURE BY COMPARING RECEIVED CARD 
SIGNATURE WITH EXPECTED VIRTUAL CARD SIGNATURE 
RECEIVED EARLIER FROM SECURITY CARD 



710 




712 



FIG. 12 
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BEGIN ALTERNATIVE 
COMPARISON OF VIRTUAL CARD SIGNATURE 
BY OPAL SERVER 
(see FIGURE 7) 




PERFORM STEPS 602-612 AND STEPS 680-690 



SECURITY CARD IN TERMINAL GENERATES SECURITY CARD SIGNATURE, 
DEBIT COMMAND AND EXPECTED VIRTUAL CARD SIGNATURE 



722 



724 



TERMINAL SENDS SECURITY CARD SIGNATURE, DEBIT COMMAND AND 
EXPECTED VIRTUAL CARD SIGNATURE TO PAYMENT SERVER 



726 



PAYMENT SERVER SENDS DEBIT COMMAND, SECURITY CARD SIGNATURE AND 
EXPECTED VIRTUAL CARD SIGNATURE TO OPAL SERVER 



728 



PERFORM STEPS 618, 620 



730 



CLIENT CODE MODULE PROCESSES RESPONSE, VERIFIES CARD SIGNATURE BY 
COMPARING RECEIVED CARD SIGNATURE FROM EMULATOR WITH EXPECTED 
SIGNATURE RECEIVED EARLIER FROM SECURITY CARD VIA PAYMENT SERVER 



732 



CLIENT CODE MODULE GENERATES DEBIT RESULT MESSAGE FOR 

MERCHANT SERVER 



734 



PERFORM STEPS 636-640 
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FIG. 13 
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BEGIN ALTERNATIVE 
COMPARISON OF VIRTUAL CARD SIGNATURE 
BY MERCHANT SERVER 
(see FIGURE 8) 



PERFORM STEPS 602-612 AND STEPS 680-690 



SECURITY CARD IN TERMINAL GENERATES SECURITY CARD SIGNATURE, 
DEBIT COMMAND AND EXPECTED VIRTUAL CARD SIGNATURE 
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744 



TERMINAL SENDS SECURITY CARD SIGNATURE, DEBIT COMMAND AND 
EXPECTED VIRTUAL CARD SIGNATURE TO PAYMENT SERVER 



746 
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PAYMENT SERVER SENDS DEBIT COMMAND, SECURITY CARD SIGNATURE AND 
ENCRYPTED VIRTUAL CARD SIGNATURE TO CLIENT TERMINAL 



PERFORM STEPS 618, 620 



750 



OPAL SERVER SENDS DEBIT RESPONSE MESSAGE, RAW CARD SIGNATURE 
RECEIVED FROM EMULATOR AND ENCRYPTED CARD SIGNATURE RECEIVED 
FROM PAYMENT SERVER TO MERCHANT SERVER 



752 



MERCHANT SERVER PROCESSES DEBIT RESPONSE MESSAGE AND DECRYPTS 
ENCRYPTED CARD SIGNATURE IN ORDER TO COMPARE RAW CARD SIGNATURE 
TO CARD SIGNATURE FROM SECURITY CARD 
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MERCHANT SERVER GENERATES DEBIT RESULT 



PERFORM STEPS 638, 640 
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FIG. 14 
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BEGIN IMPLEMENTATION 
OF ADDED SECURITY LAYER TO EMBODIMENTS 
OF THE INVENTION 
____(see FIGURE 9)_^^- 



PAYMENT SERVER AND MERCHANT SERVER SHARE A 
UNIQUE DES ENCRYPTION KEY 



802 



CLIENT TERMINAL AND MERCHANT SERVER ENGAGE IN 
PROTECTED SSL SESSION 



MERCHANT SERVER DERIVES A KEY FROM THE DES KEY 
USING INFORMATION UNIQUE TO THE TRANSACTION SUCH 
AS MERCHANT IDENTIFIER, TRANSACTION IDENTIFIER, ETC. 



MERCHANT SERVER DOWNLOADS HTML PAGE TO CLIENT 
TERMINAL INCLUDING A TRANSACTION SESSION KEY (TSK) 
AND THE TSK ENCRYPTED WITH DERIVED KEY (ETSK) 



OPAL SERVER SENDS DRAW REQUEST ENCRYPTED WITH 
TSK TO PAYMENT SERVER ALONG WITH ETSK 



PAYMENT SERVER DECRYPTS ETSK WITH SHARED DES 
KEY TO PRODUCE TSK; DECRYPTS DRAW REQUEST WITH 
TSK IN ORDER TO PROCESS DRAW REQUEST, AND 
ENCRYPTS DEBIT COMMAND WITH TSK 



FIG. 15A 
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PAYMENT SERVER SENDS ENCRYPTED DEBIT 
COMMAND TO OPAL SERVER 



814 



CLIENT CODE MODULE DECRYPTS DEBIT COMMAND 
AND PROCESSES USING EMULATOR 



816 



OPAL SERVER SENDS DEBIT RESPONSE MESSAGE 
ENCRYPTED WITH TSK TO PAYMENT SERVER 



818 



PAYMENT SERVER AND SECURITY CARD PROCESS DEBIT 
RESPONSE MESSAGE AND SEND DEBIT RESULT C MESSAGE 
ENCRYPTED WITH TSK AND DEBIT RESULT M MESSAGE 
ENCRYPTED WITH DERIVED KEY TO OPAL SERVER 
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OPAL SERVER DECRYPTS DEBIT RESULT C MESSAGE AND 
PASSES DEBIT RESULT M MESSAGE ON TO MERCHANT SERVER 



822 
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MERCHANT SERVER DECRYPTS DEBIT RESULT M MESSAGE 
USING DERIVED KEY FROM DES KEY AND PROCESSES RESULT 



FIG. 15B 
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— BEGIN 
FIG. 18A ( LOAD VALUE ONTO VIRTUAL CARD 



870 



USER SELECTS LOAD VALUE OPTION FROM BANK INTERNET SITE 



871 



SMART CARD EMULATOR READS CARD BALANCE, ETC., 
AND SENDS TO BANK SERVER 



BANK SERVER DETERMINES MAXIMUM LOAD VALUE AND 
CHECKS FUNDS IN USER'S ACCOUNT 



872 
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USER ACCOUNT DEBITED BY LOAD VALUE 



BANK SERVER SENDS PAGE TO CLIENT TERMINAL 



CLIENT TERMINAL SENDS PAGE TO OPAL SERVER 
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OPAL SERVER INTERACTS WITH CARD EMULATOR WHICH 
BUILDS LOAD REQUEST MESSAGE 



876 



OPAL SERVER ACCESSES LOAD SERVER USING IP ADDRESS 



877 



878 



OPAL SERVER SENDS LOAD REQUEST MESSAGE TO LOAD SERVER 



LOAD SERVER PROCESSES LOAD REQUEST 
(see FIGURE 18D) 



879 
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FIG. 18B 




870 



LOAD SERVER SENDS LOAD COMMAND WITH SECURITY 
MODULE SIGNATURE TO OPAL SERVER 



880 



881 



CLIENT MODULE PASSES LOAD COMMAND TO CARD EMULATOR 
TO LOAD VIRTUAL CARD AND GENERATE CARD SIGNATURE 



EMULATOR SENDS LOAD RESPONSE AND CARD 
SIGNATURE TO CLIENT MODULE 



OPAL SERVER SENDS LOAD RESPONSE MESSAGE AND 
CARD SIGNATURE TO LOAD SERVER 



LOAD SERVER PROCESSES AND DIRECTS RECEIVED 
RESPONSE TO HW SECURITY MODULE 



882 



883 



884 
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HARDWARE SECURITY MODULE VERIFIES CARD SIGNATURE 



HARDWARE SECURITY MODULE SENDS LOAD RESULT TO 

LOAD SERVER 



LOAD SERVER UPDATES ITS DATABASE 
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FIG. 18C f b 
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LOAD SERVER SENDS LOAD RESULT TO OPAL SERVER 
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OPAL SERVER PASSES LOAD RESULT TO BANK SERVER 
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BANK SERVER REGISTERS LOAD RESULT 
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END 
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LOAD REQUEST EDITED SYNTACTICALLY AND LOGGED 
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LOAD SERVER PARSES LOAD REQUEST INTO COMPONENTS AND 
PROCESSES EACH COMPONENT IN TURN 



LOAD REQUEST COMPONENTS PASSED TO SECURITY MODULE 



SECURITY MODULE VERIFIES CARD SIGNATURE, GENERATES 
SECURITY CARD SIGNATURE, LOAD COMMAND 
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SECURITY MODULE SENDS SECURITY CARD SIGNATURE 
AND LOAD COMMAND TO LOAD SERVER 
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FIG. 18D 
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